appium / appium-uiautomator2-driver

Appium driver for Android UIAutomator2
Apache License 2.0

chore: Update dependencies in package.json #769

Closed MadeinFrance closed 6 months ago

MadeinFrance commented 7 months ago

Update dependencies in package.json

linux-foundation-easycla[bot] commented 7 months ago

CLA Not Signed

KazuCocoa commented 6 months ago

Do you need this? This would not help existing installations in this repo, since they basically install the latest available one.

MadeinFrance commented 6 months ago

Hi @KazuCocoa, the security scan detected issues with @appium/base-driver@npm:9.5.2; see the PR merged.

Sorry for the direct approach, but in my project I saw that appium-chromedriver was used for appium-android-driver, and since I include this repo@3.1.0 in package.json I thought it would be a good idea to bump the version.

Which approach should I follow? Wait for new versions?

KazuCocoa commented 6 months ago

It depends on your aim. If you need to manage this repository itself, then you could fork, or we could merge this change to package.json, while it does not change existing behavior except for the package.json file info, since every npm module installation gets the latest available ones (under non-node_modules).

Each release package includes a shrinkwrap file in order to lock dependency versions: https://github.com/appium/appium-uiautomator2-driver/blob/master/.github/workflows/publish.js.yml. You could check it via `npm pack appium-uiautomator2-driver` or in the installed uia2 driver package on your local machine. If you need to update such dependencies, using a newer UIA2 driver is the general solution, since every installation gets dependencies by following the lock file. If you need a newer release, since the shrinkwrap file is generated in a release script, we could release a new version with no changes in this repository itself.
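
The check described in the last comment, as an added example that is not part of the thread or the project's code: given the parsed `npm-shrinkwrap.json` from a released driver package, list every version of one dependency that the lock file pins, including nested copies. `lockedVersions`, `pinnedAt` and `SAMPLE_LOCK` are hypothetical names, and the sample lock content is constructed (only the flagged version 9.5.2 comes from the thread).

```javascript
// List every pinned copy of `name` in a parsed npm-shrinkwrap.json /
// package-lock.json object. Handles lockfileVersion 1 (nested tree)
// and 2/3 (flat "packages" map keyed by install path).
function lockedVersions(lock, name) {
  const found = new Map(); // install path -> pinned version
  if (lock.packages) {
    const suffix = 'node_modules/' + name;
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Match the top-level copy and any copy nested under another package.
      if ((path === suffix || path.endsWith('/' + suffix)) && meta.version) {
        found.set(path, meta.version);
      }
    }
  } else {
    const walk = (deps, prefix) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        const path = prefix + 'node_modules/' + dep;
        if (dep === name && meta.version) found.set(path, meta.version);
        walk(meta.dependencies, path + '/');
      }
    };
    walk(lock.dependencies, '');
  }
  return [...found].map(([path, version]) => ({ path, version }));
}

// Install paths where the lock file pins exactly the version a scanner flagged.
function pinnedAt(lock, name, flaggedVersion) {
  return lockedVersions(lock, name)
    .filter((hit) => hit.version === flaggedVersion)
    .map((hit) => hit.path);
}

// Constructed sample lock file (not taken from any real release).
const SAMPLE_LOCK = {
  name: 'example-driver',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-driver', version: '0.0.0' },
    'node_modules/@appium/base-driver': { version: '9.5.2' },
    'node_modules/example-dep': { version: '1.0.0' },
    'node_modules/example-dep/node_modules/@appium/base-driver': { version: '0.0.1' },
  },
};

console.log(lockedVersions(SAMPLE_LOCK, '@appium/base-driver'));
console.log(pinnedAt(SAMPLE_LOCK, '@appium/base-driver', '9.5.2'));
```

To run it against a real release, pass in `JSON.parse` of `package/npm-shrinkwrap.json` from the tarball that `npm pack appium-uiautomator2-driver` downloads.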